Versions (4)
Version DetailsCurrent
Rev: 2 • Jul 8, 2024, 12:00 PMET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE [ANY.RUN] MetaStealer v.5 CnC Activity (MC-NMF TLS SNI)"; flow:established,to_server, only_stream; content:"|00 01 00 01 02 02 1F|net.tcp://"; startswith; content:"|03 08 09 13|application/ssl-tls"; distance: 0; content:"|00 07 00 00 04 3f|124|00 0a|"; distance: 0; within: 200; fast_pattern; reference:url,community.emergingthreats.net/t/metastealer-v-5-tls/1800; classtype:trojan-activity; sid:2054404; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, tls_state plaintext, created_at 2024_07_08, deployment Perimeter, malware_family MetaStealer, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_07_09, reviewed_at 2025_04_21;)
Jul 8, 2024, 12:00 PM
Jul 9, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 11, 2025, 10:35 PM
rules/emerging-malware.rules